CVE-2026-3695 SourceCodester Modern Image Gallery App delete.php path traversal

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

CVE-2026-3695

CVE-2026-3695 affects SourceCodester Modern Image Gallery App 1.0. The vulnerability is in an affected function of /delete.php where filename manipulation enables path traversal. Exploitation can be remote; exploit code maturity is documented as PROOF-OF-CONCEPT. CVSS metrics across versions indi...

CVE-2026-3070

CVE-2026-3070 affects SourceCodester Modern Image Gallery App 1.0. The vulnerability is located in an unknown functionality of the file upload.php where manipulation of the filename argument leads to cross-site scripting (XSS) . The attack can be launched remotely and, per the description, the ex...

CVE-2025-70457

A Remote Code Execution RCE vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save...